Cross-Site Scripting Vulnerability in Novell Identity Manager and Associated Modules
CVE-2011-2227

Currently unrated

Key Information:

Vendor: Novell
Status: Identity Manager Roles Based Provisioning Module
Vendor: CVE Published:; 8 October 2011

Summary

A cross-site scripting (XSS) vulnerability exists in Novell Identity Manager's User Application and Roles Based Provisioning Module. This flaw permits remote attackers to inject arbitrary web scripts or HTML through the apwaDetail (apwaDetailId) parameter. Exploiting this vulnerability can allow attackers to execute malicious scripts in the context of a user's browser, potentially compromising sensitive information and user sessions.

References

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

http://support.novell.com/docs/Readmes/InfoDocument/patch...

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 8, 2011
Vulnerability Reserved
Jun 2, 2011